HPE Community
Operating System - HP-UX
1827892 Members
1808 Online
109969 Solutions
New Discussion

Re: SIM WBEM install problem on vpar with multiple openssl versions

 
SOLVED
Go to solution
John P. Creighton
Senior Member

‎02-16-2010 07:45 AM

‎02-16-2010 07:45 AM

SIM WBEM install problem on vpar with multiple openssl versions

Hi, where ramping up to migrate all our HP-UX 11.11 boxes from ISEE to SIM starting with our test/dev/dr boxes. During the swinstall of our SIM depot some boxes already have the Internet Express version of OpenSSL (.e.g ixOpenSSL installed), whereas SIM wants it's own /opt/openssl version). What I've done on other non-vpars is to use the -x allow_multiple_versions=true which installs and runs cim_server startup just fine. However on similar vpars the swinstall errors cause WBEM/cim_server services to fail startup. I'm wondering if a re-install would help or if I need to first swremove the iXOpenSSL version (/opt/iexpress/openssl - which a symlink seems to be created for the last one installed - /usr/bin/openssl --> /opt/iexpress/openssl/bin/openssl or when the SIM version is swinstalled it points to /opt/openssl/bin/openssl

I'm at a new account and once I get a Service-Aggreement-ID/System Handle I'll try to create a software ticket - but in the interim here's my swisntall errors:

root@ts3dcdb1# ./cim_server start
ssltrustmgr: /etc/opt/hp/sslshare/cert.pem does not exist
unable to load 'random state'
This means that the random number generator has not been seeded
with much random data.
Consider setting the RANDFILE environment variable to point at a file that
'random' data can be kept in (the file will be overwritten).
2456:error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded:md_rand.c:512:You need to read the OpenSSL FAQ, http://www.openssl.org/support/faq.html
unable to load 'random state'
This means that the random number generator has not been seeded
with much random data.
Consider setting the RANDFILE environment variable to point at a file that
'random' data can be kept in (the file will be overwritten).
2460:error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded:md_rand.c:512:You need to read the OpenSSL FAQ, http://www.openssl.org/support/faq.html
unable to load 'random state'
This means that the random number generator has not been seeded
with much random data.
Consider setting the RANDFILE environment variable to point at a file that
'random' data can be kept in (the file will be overwritten).
2464:error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded:md_rand.c:512:You need to read the OpenSSL FAQ, http://www.openssl.org/support/faq.html
unable to load 'random state'
This means that the random number generator has not been seeded
with much random data.
Generating a 2048 bit RSA private key
2467:error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded:md_rand.c:512:You need to read the OpenSSL FAQ, http://www.openssl.org/support/faq.html
2467:error:04069003:rsa routines:RSA_generate_key:BN lib:rsa_gen.c:184:
chmod: can't access /etc/opt/hp/sslshare/file.pem
/etc/opt/hp/sslshare/file.pem: No such file or directory
/etc/opt/hp/sslshare/file.pem: No such file or directory
chmod: can't access /etc/opt/hp/sslshare/cert.pem
/etc/opt/hp/sslshare/cert.pem: No such file or directory
/etc/opt/hp/sslshare/cert.pem: No such file or directory
PGS10033: The CIM Server is not started: PGS00415: SSL exception: PGS09203: Not enough seed data in random seed file: /var/opt/wbem/cimserver.rnd.
ERROR CODE 1

The FAQ doesn't seem to answer this issue.

Thanks,

John Creighton

0 Kudos
Reply
5 REPLIES 5
Steven E. Protter
Exalted Contributor

‎02-16-2010 08:43 AM

‎02-16-2010 08:43 AM

Solution

Re: SIM WBEM install problem on vpar with multiple openssl versions

Shalom,

I would remove the Internet Express version of openssl and use the one provided on the install media or http://software.hp.com

That should work for all ssl enabled applications and websites and such.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
John P. Creighton
Senior Member

‎02-16-2010 01:32 PM

‎02-16-2010 01:32 PM

Re: SIM WBEM install problem on vpar with multiple openssl versions


Thanks for getting back. Moving forward I'll first remove the existing IE OpenSSL. For the 3 vpars that have WBEM/cim_server start corruptions I figure I'll replace the old IE symlinks and swremove ixOpenSSL, then reinstall the depot again with the SIM version.
0 Kudos
Reply
Torsten.
Acclaimed Contributor

‎02-16-2010 01:35 PM

‎02-16-2010 01:35 PM

Re: SIM WBEM install problem on vpar with multiple openssl versions

I really doubt if multiple versions can co-exist ... I would expect at least some warnings or even errors during install.

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
0 Kudos
Reply
John P. Creighton
Senior Member

‎02-17-2010 06:18 AM

‎02-17-2010 06:18 AM

Re: SIM WBEM install problem on vpar with multiple openssl versions

Torsten,
For servers that already had the Internet Express version of OpenSSL the swinstall of our SIM depot would complain when trying to install it's OpenSSL version that an existing version already exists and that you'd have to use -x allow_multiple_versions=true which I did and it permits having both to be installed.
However what I found was the non-vpars successfully were able to run the postinstall SIM/WBEM configs for it's packages - whereas the vpar ones would error out and not be able to config themselves (errors above). One of the HP SIM techs that assisting our site did some research and found that the recommendation was to first swremove the Internet Express OpenSSL version prior to the SIM depot install. This was after I had already successfully used the allow_multiple_versions on some of our non-vpars - but now the problems arise with the vpar systems. I do know having multiple versions of software won't let you commit them and makes for tricky verification/removal as you have to specify the version to work on.

johnc
0 Kudos
Reply
John P. Creighton
Senior Member

‎02-17-2010 08:42 AM

‎02-17-2010 08:42 AM

Re: SIM WBEM install problem on vpar with multiple openssl versions

Well I was able to swremove the Internet Express OpenSSL then run swinstall on the depot with -x reinstall=true which was fine with analysis/install but again in post config it errors out trying to config the sim packages - starting with

Unable to create self-signed host certificate.

I'll open a s/w call ticket
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.